1. Field of Invention
The invention relates to network devices such as network smart cards, to systems comprising such devices, and to methods for authenticating users with network devices.
2. Description of the Related Art
Network smart cards are smart cards with networking capabilities, described in particular in US20050108571 (“Secure Networking Using a Resource Constraint Device” Lu, H. K., Montgomery, M. and Ali, A.). A network smart card is a smart card that is also an Internet node. The network smart card implements standard Internet protocols and security protocols inside the card.
Being an Internet node that is secure, portable, and tamper resistant, a network smart card can be used to secure online transactions and to prevent online identity theft, as explained in particular in WO2005048087 (“System and Method for Preventing Identity Theft Using a Secure Computing device”, Lu, H. K. and Ali, A.).
One of the currently most common, almost universal, online user experience to login to a remote service provider (i.e. server) is summarized below.
As an example, an online user John Smith wants to access his online banking account with AbcBank*com.1 The following is a typical sequence of events:
1. John Smith goes to the bank's website. He types in www*AbcBank*com into his browser. A web page from AbcBank*com shows up.
2. (Optional) John Smith views some new offerings by the bank and may visit other pages, which do not require login.
3. John Smith clicks the login link (or button).
4. A login page shows up. John Smith enters his user name and password, and clicks “Go”.
5. A post-login page from AbcBank*com shows up, which may say “Welcome John Smith”. 1In conformity with 37 CFR 1.57(d) which prohibits use of executable hyperlinks in patent documents, this document uses asterisks in lieu of periods in example hyperlinks. In actual practice, these asterisks would, of course, be periods.
A user goes through a similar experience when going to other websites where he has accounts, for example, ebay*com. In an online shopping case, Step 2 is typically for shopping around. When the user decides to buy something, he clicks login (Step 3).
It is well known that using user name and password is not secure because a spyware, for example, a keystroke logger, could steal the username and password without user's notice. A spoofed website can also trick the user to enter his login credential. In addition, good passwords are hard to remember while poor ones are easy to guess by attackers. To achieve better a security, various methods have been proposed.
Various mechanisms have been proposed to alleviate this problem. For example, some hardware tokens automatically fill-in the username and password and some websites ask users to enter more information. These methods may make it more difficult to steal login credentials, but cannot prevent spyware, Trojan horses, spoofed websites and others from stealing the information because the username, password, and others are still entered one way or another to the users' computer in clear formats. There are also One Time Password (OTP) devices and methods. But the weaknesses of OTP are well documented. Issues associated with current solutions are highlighted below.
1—Conventional Smart Cards:
Smart cards are typically used to secure network access, for example, for a corporate or a private network. A user inserts a smart card to his computer, which may be on or off a network. He types in a password to login to his computer. This provides a two-factor authentication: what you know (password) and what you have (the card). Recently, new smart cards have been introduced and allow a user to use a smart card to login to remote servers using the methods described in the next two sections (less secure than regular smart cards but more convenient in certain applications). These new methods are more secure than conventional username and password scheme, but sometimes an attacker can still break them without too much trouble.
2—Form-Fill (Can be Embedded in a Smart Card):
Some password management software and hardware tokens allow users to register their usernames and passwords. When logging into a remote server, the software or the token automatically fills-in the username and password into the login form. Such method is convenient for the user and may make it more difficult to steal login credentials. However, the form-fill method cannot prevent spyware, Trojan horses, spoofed websites and others from stealing the information, because the username and password are still entered one way or another to the users' computer in clear formats.
3—One-Time Passwords (Can be Embedded in a Smart Card):
As its name indicates, the one-time password (OTP) is used exactly once, after which it is no longer valid. It is a very strong defense against eavesdroppers, who might captures user's input to the computers. There are various ways to implement one-time password. The most secure ways involve using hardware tokens or called handheld authenticators. The OTP is typically used with username and password, providing a two-factor authentication. The following outlines several representative one-time password mechanisms.
3.1—Time-Based One-Time Passwords
The time-based OTP uses a clock and a secret key as the inputs to some function to compute the one-time password. The user holds a secure token, which has a secret key, an internal clock that is synchronized with the authentication server, and a display. The user may need to enter a PIN to use the secure token. The display shows some function of the current time and the secret key. It changes over time. The user enters the displayed value as the password to login to the server. The server consults with the authentication server to identify the user. The authentication server uses its copy of the secret key, the clock, and the same function to compute the response. If the response matches with the user's password, the authentication server confirms the user's identity. The function used for computing the response may be some cryptographic algorithm, as explained in particular in Cheswick, W. R., Bellovin, S. M., and Rubin, A. D., “Firewalls and Internet Security, Second Edition,” Addison-Wesley, 2003.
Some OTP mechanisms use some kind of sequence number, such as a transaction number, instead of time. The basic method is similar to time-based OTP.
3.2—Challenge/Response One-Time Passwords
The challenge/response OTP uses a non-repeating challenge from the authentication server. The response is a function of the challenge and a shared secret between the server and the client. The response may be computed by client software or a hardware token, or even by the user (in his mind). The hardware token is the strongest authentication tool. The user enters the PIN and the challenge to the token. The token computes the response from the challenge and the secret key; and displays the response as the password. Because no clock or sequence number involved, this method does not have synchronization problem, as explained in particular in Cheswick, W. R., Bellovin, S. M., and Rubin, A. D., “Firewalls and Internet Security, Second Edition,” Addison-Wesley, 2003. However, it does require the user to do a little more work to enter the challenge. It is a different trade-off between security and convenience.
3.3—Smart Card Based One-Time Passwords
Recently, some companies have demonstrated smart card based OTP methods. These methods use a hardware token that is a smart reader, has a display and a keypad. The smart card is inserted to the token. The user may authenticate himself to the smart card by entering a PIN through the token. Instead of the token generating the OTP, the smart card generates the OTP, which is displayed on the token. The OTP may be generated using sequence number based method or challenge/response based method. The user uses the OTP to login to the remote server.
As mentioned earlier, most of the existing OTP mechanisms have weaknesses, such as the following.
1. Private keys are used for computing the OTPs. The OTP server maintains the private keys of its clients. The key databases are attractive targets for attackers.
2. The OTP methods typically require client and server synchronization. The mechanism fails to work when the client and the server are out of synchronization.
3. The OTP typically has a fixed length, which may subject to authentication race attack on the last digit of the password.